
A sophisticated callback scam is underway where criminals are impersonating Australian Big Four banks in an attempt to extract money from unsuspecting Australian companies in the education, legal, and insurance sectors.
During July 2025 alone, over 70,000 attempts were detected, with many more possibly going undetected, and the attacks are continuing.
Mimecast’s Threat Research Team identified that scammers are impersonating major Australian banks including Westpac, Commonwealth Bank, and Macquarie, with hyper-realistic notifications in an attempt to trick unsuspecting victims into calling fraudulent support numbers. The criminals, from undisclosed locations, are targeting high-value institutions, the majority being in the education sector, but also the legal and insurance sectors.
“These attacks stand out from the rest because of the precision by the attackers towards high-value targets such as large universities and top law firms. Also, because of the attention to detail by the scammers when creating the fraudulent bank notifications,” said Garrett O’Hara, Senior Director, Solutions Engineering at Mimecast.
The attack methodology centres on sophisticated email templates designed to mimic legitimate bank account statements. Recipients receive professionally crafted emails showing unauthorised transactions of around $1,500, creating immediate urgency and concern.
The emails contain specific transaction details including the fake merchant names of ‘Infinite Holdings’ or ‘Smart Apps’, or Victorian locations such as Lockington and Pomonal, along with authentic-looking reference codes.
The emails prompt recipients to call phone numbers that are controlled by the scammers, who then impersonate bank representatives to extract personal financial details or direct victims to make fraudulent transfers.
“This campaign is particularly concerning because it blends two powerful tactics – the trust Australians place in their banks and the urgency created by fraudulent transaction alerts,” said O’Hara. “The impersonation of Australian banks combined with a callback request makes this a highly effective and worrying evolution of social engineering scams.”
While callback scams are not new, they have traditionally involved fake subscription notifications from services like PayPal. Mimecast’s latest threat intelligence indicates a significant shift towards bank impersonation emails, with the notifications becoming increasingly realistic.
“We see this threat evolving to target a much larger number of Australians, so awareness about it is very important,” Garrett added.
The warning signs and common traits of this scam include the subject lines ‘Alert Completed Details Enclosed’, ‘Financial Summary Sent Recently’, ‘Invoice Completed Recently’ and ‘Your Recent Payment: Summary Notification’. The fraudulent contact numbers used by the scammers include ‘03 8256 7521’, ‘02 5621 1059’ and ‘1800 458 259’.
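As an added example (not code from Mimecast or from this article), a small Python triage filter that checks parsed messages for the subject lines and callback numbers listed above, normalising phone formatting so that variants such as (03) 8256-7521 or +61 3 8256 7521 still match; the sample messages are constructed, not real captures.

```python
import re

# Indicators reported in the article above: campaign subject lines and the
# fraudulent callback numbers, stored normalised (lower-case / digits only).
SCAM_SUBJECTS = {
    "alert completed details enclosed",
    "financial summary sent recently",
    "invoice completed recently",
    "your recent payment: summary notification",
}
SCAM_NUMBERS = {"0382567521", "0256211059", "1800458259"}
# Runs of digits separated by spaces, dashes or brackets (9 to 16 characters).
PHONE_RE = re.compile(r"\+?\(?\d[\d\s\-()]{7,14}\d")
PREFIX_RE = re.compile(r"^(?:(?:re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def normalise_phone(raw: str) -> str:
    """Digits only, with an international +61 prefix folded to national 0."""
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("61") and len(digits) == 11:
        digits = "0" + digits[2:]
    return digits

def normalise_subject(subject: str) -> str:
    """Strip Re:/Fwd: prefixes and case so forwarded copies still match."""
    return PREFIX_RE.sub("", subject).strip().lower()

def find_indicators(msg: dict) -> list:
    """Return the campaign indicators present in one message dict."""
    hits = []
    if normalise_subject(msg.get("subject", "")) in SCAM_SUBJECTS:
        hits.append("subject:" + msg["subject"])
    for raw in PHONE_RE.findall(msg.get("body", "")):
        number = normalise_phone(raw)
        if number in SCAM_NUMBERS:
            hits.append("callback:" + number)
    return hits

# Constructed sample messages (not real captures) showing the formatting
# variants a filter must tolerate; the third message is benign.
SAMPLE_MESSAGES = [
    {"subject": "Invoice Completed Recently",
     "body": "A payment of $1,500.00 to Infinite Holdings was processed. "
             "If you did not authorise this, call us on (03) 8256-7521."},
    {"subject": "FW: Your Recent Payment: Summary Notification",
     "body": "Ref 48213. Contact support: +61 2 5621 1059"},
    {"subject": "Quarterly invoice",
     "body": "Please pay by 30 July. Questions: 1300 000 000."},
]

def triage(messages: list) -> list:
    """(subject, indicators) for every message that matched anything."""
    return [(m["subject"], h) for m in messages if (h := find_indicators(m))]
```

Matching on a normalised number rather than the printed string is what catches the campaign when the scammer varies spacing or adds a country code.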
“Legitimate banks will not request urgent callbacks via email,” Garrett added. “Organisations should require staff to independently verify banking communications through official bank channels and ensure that any phone numbers are checked against legitimate banking contact details.
“The scale of the attack we have detected demonstrates that Australian businesses are firmly in the sights of scammers. Organisations that proactively train staff and put in place strong verification processes will be far better placed to avoid falling victim.”
Anyone who believes they’ve been targeted should contact police, report it to ScamWatch.gov.au, or call the national cyber security hotline at 1300 CYBER1 (1300 292 371). Reports can also be made at cyber.gov.au.